REST API: Add action-delete flag to declare delete_post capability for post objects #335
Conversation
| @@ -1981,10 +1981,14 @@ protected function get_available_actions( $post, $request ) { | |||
|
|
|||
| $post_type = get_post_type_object( $post->post_type ); | |||
|
|
|||
| if ( 'attachment' !== $this->post_type && current_user_can( $post_type->cap->publish_posts ) ) { | |||
| if ( 'attachment' !== $this->post_type && current_user_can( 'publish_post', $post->ID ) ) { | |||
There was a problem hiding this comment.
Since this is an action for the specific post we should use the meta cap and pass the post ID to the check. By default this just falls back to publish_posts.
There was a problem hiding this comment.
Is this related to https://core.trac.wordpress.org/ticket/47443?
| 'properties' => array( | ||
| 'delete' => array( | ||
| 'type' => 'boolean', | ||
| ), | ||
| ), |
There was a problem hiding this comment.
This probably needs to be something else?
There was a problem hiding this comment.
The idea of the targetSchema is so that a developer can programmatically determine that changing the resource such that it would successfully validate against the targetSchema would require a specific set of capabilities beyond PUT being available in the Allow header. The developer can then verify that the resource includes this link in the response.
Since a post is deleted by making a DELETE request instead of a PUT, the targetSchema can't actually be used and the link relation solely communicates the semantics.
So we could drop the targetSchema entirely.
|
Superseded by WordPress/gutenberg#23174. |
Trac ticket: https://core.trac.wordpress.org/ticket/50388
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.